CVE-2025-55247: 
C# Análise e mitigação de vulnerabilidades

A vulnerability in .NET, identified as CVE-2025-55247, was discovered and disclosed on October 14, 2025. The issue involves improper link resolution before file access ('link following') that allows an authorized attacker to elevate privileges locally. The vulnerability affects multiple versions of .NET, including versions 8.0.0 through 8.0.21 and 9.0.0 through 9.0.10 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (High severity) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. This indicates a local attack vector, low attack complexity, low privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability. The vulnerability is classified under CWE-59 (Improper Link Resolution Before File Access) (NVD, Ubuntu).

The vulnerability poses significant security risks as it allows privilege escalation in local environments. With a high severity rating and maximum impact scores for confidentiality, integrity, and availability, successful exploitation could give attackers elevated access to affected systems (NVD).

Multiple vendors have released fixes for the vulnerability. Ubuntu has patched affected versions with updates 8.0.121-8.0.21 for .NET 8 and 9.0.111-9.0.10 for .NET 9 across various distributions. It's worth noting that .NET 7 is end of life upstream and will not receive updates (Ubuntu).